Date: 2024-03-31

Such a crazy story: the backdoor was such a big security flaw in such widely used libraries across Linux and macOS. Andres, the Microsoft engineer, instinctually investigated the slowness of the library and found the backdoor. He writes:





"I was doing some micro-benchmarking at the time, needed to quiesce the system to reduce noise. Saw sshd processes were using a surprising amount of CPU, despite immediately failing because of wrong usernames etc. Profiled sshd, showing lots of cpu time in liblzma, with perf unable to attribute it to a symbol. Got suspicious. Recalled that I had seen an odd valgrind complaint in automated testing of postgres, a few weeks earlier, after package updates.





Really required a lot of coincidences."





Maybe that engineer on your team who goes crazy about every single performance regression will one day save the world.